package com.lg.atp.sercurity;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.MultipartAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private MyDaoAuthticationProvider myDaoAuthticationProvider;
	
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    	
    	    http.addFilterBefore(sessionTimeoutFilter(), ConcurrentSessionFilter.class);
            http.authorizeRequests()
                .antMatchers("/layui/**","/jstree/**","/css/**","/images/**","/js/**","/wsServices/**","/")
                .permitAll()
                .anyRequest()
                .authenticated();
            http.formLogin()
                .loginPage("/")
                .usernameParameter("username").passwordParameter("password")
                .successHandler(mySuccessHandler())
                .failureUrl("/")
                .permitAll();
            http.logout()
                .logoutSuccessUrl("/")
                .deleteCookies("JSESSIONID")
                .invalidateHttpSession(true);
            http.exceptionHandling()
            	.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
            	.accessDeniedHandler(accessDeniedHandler());
            http
            	.sessionManagement()
            	.sessionFixation()
            	.migrateSession()
            	.maximumSessions(1)
            	.sessionRegistry(sessionRegistry())
            	.expiredUrl("/")
            	.maxSessionsPreventsLogin(true);
        
                
        http.csrf().disable();
        http.headers().disable();
    }
   
    @Bean
    public AccessDeniedHandler accessDeniedHandler(){
    	
    	AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
    	accessDeniedHandler.setErrorPage("/");
    	return accessDeniedHandler;
    }
    
    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
    return super.authenticationManager();
     
    }
     
 
    @Override
	protected void configure(AuthenticationManagerBuilder auth)
			throws Exception {
		auth.authenticationProvider(myDaoAuthticationProvider);
		
	}
    
    @Bean
	public BCryptPasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder(4);
	}
    
	@Bean
	public SessionRegistry sessionRegistry(){
	
		return new SessionRegistryImpl(); 
	
	}
	
	
	@Bean
	public ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlStrategy(){
		return new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry());
	}
	
	
	@Bean
	public SessionTimeoutFilter sessionTimeoutFilter(){
		SessionTimeoutFilter sessionTimeoutFilter = new SessionTimeoutFilter(); 
		sessionTimeoutFilter.setSessionTimeoutUrl("/");
		return sessionTimeoutFilter;
	}
	
	@Bean
	public MySuccessHandler mySuccessHandler(){
		MySuccessHandler mySuccessHandler = new MySuccessHandler();
		mySuccessHandler.setDefaultTargetUrl("/main");
		return mySuccessHandler;
	}
	
}
